Fixes without api prefix tests

Signed-off-by: Darshit Chanpura <[email protected]>

.cspell

@@ -163,6 +163,7 @@ subqueries
 subschemas
 subword
 syserr
+tcnative
 tdigest
 tenantinfo
 termvectors

spec/namespaces/security.yaml

@@ -99,6 +99,8 @@ paths:
       responses:
         '200':
           $ref: '#/components/responses/security.tenant_info@200'
+        '403':
+          $ref: '#/components/responses/security.tenant_info@403'
         '500':
           $ref: '#/components/responses/security.tenant_info@500'
     post:
@@ -109,6 +111,8 @@ paths:
       responses:
         '200':
           $ref: '#/components/responses/security.tenant_info@200'
+        '403':
+          $ref: '#/components/responses/security.tenant_info@403'
         '500':
           $ref: '#/components/responses/security.tenant_info@500'
   /_plugins/_security/whoami:
@@ -143,7 +147,7 @@ paths:
           $ref: '#/components/responses/security.who_am_i_protected@200'
         '500':
           $ref: '#/components/responses/security.who_am_i_protected@500'
-  /_plugins/_security/_upgrade_check:
+  /_plugins/_security/api/_upgrade_check:
     get:
       operationId: security.config_upgrade_check.0
       x-operation-group: security.config_upgrade_check
@@ -154,7 +158,7 @@ paths:
       responses:
         '200':
           $ref: '#/components/responses/security.config_upgrade_check@200'
-  /_plugins/_security/_upgrade_perform:
+  /_plugins/_security/api/_upgrade_perform:
     post:
       operationId: security.config_upgrade_perform.0
       x-operation-group: security.config_upgrade_perform
@@ -1365,7 +1369,7 @@ components:
       content:
         application/json:
           schema:
-            $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized'
+            $ref: '../schemas/security._common.yaml#/components/schemas/Forbidden'
     security.delete_role@200:
       description: ''
       content:
@@ -1539,7 +1543,7 @@ components:
       content:
         application/json:
           schema:
-            $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized'
+            $ref: '../schemas/security._common.yaml#/components/schemas/Forbidden'
     security.get_distinguished_names@200:
       description: ''
       content:
@@ -1551,7 +1555,7 @@ components:
       content:
         application/json:
           schema:
-            $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized'
+            $ref: '../schemas/security._common.yaml#/components/schemas/Forbidden'
     security.get_permissions_info@200:
       description: ''
       content:
@@ -1713,7 +1717,7 @@ components:
       content:
         application/json:
           schema:
-            $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized'
+            $ref: '../schemas/security._common.yaml#/components/schemas/Forbidden'
     security.patch_distinguished_names@200:
       description: ''
       content:
@@ -1725,7 +1729,7 @@ components:
       content:
         application/json:
           schema:
-            $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized'
+            $ref: '../schemas/security._common.yaml#/components/schemas/Forbidden'
     security.patch_role@200:
       description: ''
       content:
@@ -1852,6 +1856,14 @@ components:
         application/json:
           schema:
             $ref: '../schemas/security._common.yaml#/components/schemas/TenantInfo'
+    security.tenant_info@403:
+      description: ''
+      content:
+        text/plain:
+          type: string
+        application/json:
+          schema:
+            $ref: '../schemas/security._common.yaml#/components/schemas/Forbidden'
     security.tenant_info@500:
       description: ''
       content:
@@ -1881,7 +1893,7 @@ components:
       content:
         application/json:
           schema:
-            $ref: '../schemas/security._common.yaml#/components/schemas/Unauthorized'
+            $ref: '../schemas/security._common.yaml#/components/schemas/Forbidden'
     security.validate@200:
       description: ''
       content:

spec/schemas/security._common.yaml

@@ -134,10 +134,10 @@ components:
           type: string
           description: User's name.
         user_requested_tenant:
-          type: string
+          type: ['null', string]
           description: Name of the tenant the user wants to switch to.
         remote_address:
-          type: string
+          type: ['null', string]
           description: The IP address of remote user.
         backend_roles:
           type: array
@@ -152,13 +152,13 @@ components:
           type: object
           description: Tenants the user has access to with read-write or read-only access indicator.
         principal:
-          type: string
+          type: ['null', string]
           description: User principal.
         peer_certificates:
-          type: number
+          type: [number, string]
           description: Number of peer certificates.
         sso_logout_url:
-          type: string
+          type: ['null', string]
           description: Logout url.
         size_of_user:
           type: string
@@ -399,6 +399,17 @@ components:
         doNotFailOnForbiddenEmpty:
           type: boolean
 
+    Forbidden:
+      type: object
+      properties:
+        status:
+          type: string
+          enum:
+            - 403
+        message:
+          type: string
+          description: Message returned as part of Forbidden response.
+
     GenerateOBOToken:
       type: object
       properties:
@@ -416,7 +427,7 @@ components:
       type: object
       properties:
         message:
-          type: string
+          type: ['null', string]
         mode:
           type: string
         status:
@@ -594,13 +605,13 @@ components:
       type: object
       properties:
         principal:
-          type: string
+          type: ['null', string]
           description: User principal.
         peer_certificates:
-          type: number
+          type: [number, string]
           description: Number of certificates.
         peer_certificates_list:
-          type: array
+          type: [array,'null']
           description: List of domain names from peer certificates.
         local_certificates_list:
           type: array
@@ -615,13 +626,13 @@ components:
           type: boolean
           description: A boolean to indicate if OpenSSL is available.
         ssl_openssl_version:
-          type: string
+          type: [number, string]
           description: Version of openssl.
         ssl_openssl_version_string:
-          type: string
+          type: ['null', string]
           description: Full version string for openssl version.
         ssl_openssl_non_available_cause:
-          type: string
+          type: ['null', string]
           description: Reason for openssl unavailability.
         ssl_openssl_supports_key_manager_factory:
           type: boolean
@@ -638,6 +649,20 @@ components:
         ssl_provider_transport_client:
           type: string
           description: Returns transport client's name.
+      required:
+        - peer_certificates
+        - principal
+        - ssl_cipher
+        - ssl_openssl_available
+        - ssl_openssl_non_available_cause
+        - ssl_openssl_supports_hostname_validation
+        - ssl_openssl_supports_key_manager_factory
+        - ssl_openssl_version
+        - ssl_openssl_version_string
+        - ssl_protocol
+        - ssl_provider_http
+        - ssl_provider_transport_client
+        - ssl_provider_transport_server
 
     Tenant:
       type: object
@@ -668,17 +693,6 @@ components:
       additionalProperties:
         $ref: '#/components/schemas/Tenant'
 
-    Unauthorized:
-      type: object
-      properties:
-        status:
-          type: string
-          enum:
-            - 403
-        message:
-          type: string
-          description: Message returned as part of FORBIDDEN response.
-
     UpgradeCheck:
       type: object
       properties:
@@ -745,11 +759,11 @@ components:
       type: object
       properties:
         dn:
-          type: string
+          type: ['null', string]
         is_admin:
-          type: string
+          type: boolean
         is_node_certificate_request:
-          type: string
+          type: boolean
 
     TenantInfo:
       type: object

tests/security/with-api-prefix/account.yaml

@@ -14,7 +14,7 @@ prologues:
         opendistro_security_roles: []
         backend_roles: []
         attributes: {}
-    status: 200
+    status: [200]
 chapters:
   - synopsis: Get account details.
     path: /_plugins/_security/api/account
@@ -41,7 +41,7 @@ epilogues:
       payload:
         current_password: myWeakPassword123!
         password: myStrongPassword123!
-    status: 200
+    status: [200]
   - path: /_plugins/_security/api/internalusers/{username}
     method: DELETE
     parameters:

tests/security/with-api-prefix/action_groups.yaml

@@ -15,7 +15,7 @@ prologues:
         type: index
         description: Test action group
         static: false
-    status: 200
+    status: [200]
 chapters:
   - synopsis: Get action groups bulk.
     path: /_plugins/_security/api/actiongroups

tests/security/with-api-prefix/audit.yaml

@@ -50,4 +50,5 @@ chapters:
         op: add
         path: /config/enabled
         value: 'true'
-    status: 200
+    response:
+      status: 200

tests/security/with-api-prefix/certificates.yaml

@@ -11,8 +11,7 @@ prologues:
     parameters:
       h: id
       full_id: true
-    response:
-      status: 200
+    status: [200]
     output:
       node_id: payload.0.id
 chapters:

tests/security/without-api-prefix/upgrade.yaml → tests/security/with-api-prefix/upgrade.yaml

@@ -4,12 +4,12 @@ description: Test upgrade eligibility endpoints.
 version: '>= 2.14'
 chapters:
   - synopsis: Check whether an upgrade can be performed.
-    path: /_plugins/_security/_upgrade_check
+    path: /_plugins/_security/api/_upgrade_check
     method: GET
     response:
       status: 200
   - synopsis: Perform the upgrade.
-    path: /_plugins/_security/_upgrade_perform
+    path: /_plugins/_security/api/_upgrade_perform
     method: POST
     request_body:
       payload:

tests/security/without-api-prefix/authinfo.yaml

@@ -10,6 +10,21 @@ chapters:
       verbose: false
     response:
       status: 200
+      payload:
+        user_requested_tenant: null
+        principal: null
+        peer_certificates: '0'
+        sso_logout_url: null
+        user: 'User [name=admin, backend_roles=[admin], requestedTenant=null]'
+        user_name: admin
+        backend_roles: [admin]
+        custom_attribute_names: []
+        roles: [own_index,all_access]
+        tenants:
+          global_tenant: true
+          admin_tenant: true
+          admin: true
+
   - synopsis: Get auth info via POST.
     path: /_plugins/_security/authinfo
     method: POST
@@ -18,3 +33,17 @@ chapters:
       verbose: false
     response:
       status: 200
+      payload:
+        user_requested_tenant: null
+        principal: null
+        peer_certificates: '0'
+        sso_logout_url: null
+        user: 'User [name=admin, backend_roles=[admin], requestedTenant=null]'
+        user_name: admin
+        backend_roles: [admin]
+        custom_attribute_names: []
+        roles: [own_index,all_access]
+        tenants:
+          global_tenant: true
+          admin_tenant: true
+          admin: true

tests/security/without-api-prefix/health.yaml

@@ -9,10 +9,18 @@ chapters:
       mode: strict
     response:
       status: 200
+      payload:
+        message: null
+        mode: strict
+        status: UP
   - synopsis: Get security health info via POST.
     path: /_plugins/_security/health
     method: POST
     parameters:
       mode: strict
     response:
-      status: 200
+      status: 200
+      payload:
+        message: null
+        mode: strict
+        status: UP